lfg2025/archy
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 33 Wiki Activity

fix(iso): 3 first-boot issues from .198 reinstall report

Browse Source 
1. nostr-vpn still failing despite last mask attempt — confirmed in
   the 6th ISO's rootfs.tar: the .service file was present but
   not in multi-user.target.wants. Previous `systemctl mask` silently
   no-oped because the real file was already there. Fixed properly
   with explicit `rm -f` + `ln -sf /dev/null` for nostr-vpn,
   archipelago-wg, and archipelago-wg-address — same /dev/null
   symlink state that `mask` would produce on a clean install.

2. Kiosk didn't come up on first boot, only on reboot. Extended the
   ExecStartPre health-poll from 30s → 120s (unbundled ISO takes
   longer to settle on first boot: archipelago initializes state,
   pulls FileBrowser, frontend settles), raised TimeoutStartSec to
   180s, and added After=systemd-user-sessions.service +
   After=network-online.target so X / Chromium aren't racing.

3. /init: line 29: can't create /root/etc/network/interfaces error
   on installer boot — debootstrap --variant=minbase omits ifupdown
   so the target has no /etc/network/ directory, and live-boot's
   init tries to seed it. Non-fatal but noisy. Added ifupdown +
   isc-dhcp-client to the debootstrap --include list.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-04-19 09:54:12 -04:00
parent d2ba9d5523
commit 186f014747
2 changed files with 26 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
image-recipe/build-auto-installer-iso.sh
View File

@@ -465,10 +465,18 @@ RUN systemctl mask archipelago-fips.service || true
# Same rationale for nostr-vpn and wireguard helpers — their env files
# don't exist until onboarding completes, so leaving these "enabled"
# (the default from WantedBy=multi-user.target) produces a red
# [FAILED] in the boot MOTD every reboot. Mask by default; the
# onboarding flow / fips.install-equivalent RPC handlers unmask and
# start them once their prerequisites are on disk.
RUN systemctl mask nostr-vpn.service archipelago-wg.service archipelago-wg-address.service || true
# [FAILED] in the boot MOTD every reboot. Mask by replacing each
# .service with a /dev/null symlink — plain `systemctl mask` refuses
# to clobber the real files we just COPY'd in, so the previous
# attempt left the services installable via dependency chains
# (nostr-relay has Before=nostr-vpn, which pulls it in). Explicit
# rm + ln -sf creates the proper masked state. The onboarding flow
# removes the symlink and drops in a configured service when env
# files are in place.
RUN for svc in nostr-vpn archipelago-wg archipelago-wg-address; do \\
rm -f /etc/systemd/system/$svc.service; \\
ln -sf /dev/null /etc/systemd/system/$svc.service; \\
done
# Remove policy-rc.d so services can start on first boot
RUN rm -f /usr/sbin/policy-rc.d
@@ -660,11 +668,16 @@ apt-get install -y -qq debootstrap squashfs-tools initramfs-tools dosfstools mto
grub-efi-amd64-bin grub-pc-bin grub-common isolinux syslinux-common
echo " [container] Running debootstrap --variant=minbase..."
# ifupdown + isc-dhcp-client added because live-boot's /init writes
# /etc/network/interfaces on the target — without ifupdown, /etc/network/
# doesn't exist and the initramfs throws a non-fatal but noisy
# "can't create /root/etc/network/interfaces: nonexistent directory".
debootstrap --variant=minbase --arch=${DEB_ARCH} \
--include=systemd,systemd-sysv,udev,dbus,bash,coreutils,mount,util-linux,\
kmod,procps,iproute2,ca-certificates,gdisk,\
cryptsetup,cryptsetup-initramfs,parted,dosfstools,e2fsprogs,\
linux-image-${DEB_ARCH},grub-efi-${DEB_ARCH},grub-pc-bin,\
ifupdown,isc-dhcp-client,\
pciutils,usbutils,less,nano \
trixie /installer http://deb.debian.org/debian

13
image-recipe/configs/archipelago-kiosk.service
View File

@@ -1,15 +1,20 @@
[Unit]
Description=Archipelago Kiosk (X11 + Chromium)
After=archipelago.service
Wants=archipelago.service
After=archipelago.service systemd-user-sessions.service network-online.target
Wants=archipelago.service network-online.target
ConditionPathExists=/usr/local/bin/archipelago-kiosk-launcher
Conflicts=getty@tty1.service
[Service]
Type=simple
ExecStartPre=/bin/bash -c 'for i in $(seq 1 15); do curl -sf http://localhost/health >/dev/null 2>&1 && exit 0; sleep 2; done; exit 0'
# Wait up to 120s for archipelago to serve /health. On first boot it
# can take longer than 30s — the backend initialises state, unbundled
# ISO pulls FileBrowser, and the frontend dist has to settle. The
# previous 30s cap was firing Chromium at a not-yet-ready backend and
# the resulting blank window only recovered on reboot.
ExecStartPre=/bin/bash -c 'for i in $(seq 1 60); do curl -sf http://localhost/health >/dev/null 2>&1 && break; sleep 2; done'
ExecStart=/usr/local/bin/archipelago-kiosk-launcher
TimeoutStartSec=60
TimeoutStartSec=180
Restart=always
RestartSec=5